Right to Erasure Policy - Pilla Platform

Last Updated: 1st August 2025 Version: 1.0

1. Overview

This Right to Erasure Policy explains how individuals can request deletion of their personal data from the Pilla platform in accordance with UK GDPR, EU GDPR, and other applicable data protection laws.

What is the Right to Erasure?
The Right to Erasure (also known as the "Right to be Forgotten") allows individuals to request deletion of their personal data under specific circumstances. This right empowers users to control their personal information and requires organizations to delete data when legally appropriate.

Company Information:

2. When Right to Erasure Applies

You have the right to request erasure of your personal data when:

Legitimate Grounds for Erasure:

  • No longer necessary: Personal data is no longer needed for the original purpose
  • Consent withdrawal: You withdraw consent and there's no other legal basis for processing
  • Unlawful processing: Data has been processed illegally or without proper authorization
  • Legal obligation: Erasure is required to comply with a legal obligation
  • Objection to processing: You object to processing based on legitimate interests and no overriding legitimate grounds exist
  • Child data: Data was collected from a child without proper parental consent

Employment Context:

In the context of employee management platforms:

  • You can request deletion when leaving employment
  • Personal preferences and non-essential data can be deleted anytime
  • Work-related performance data may be subject to employer retention policies

3. When Right to Erasure Does Not Apply

We may refuse or delay erasure requests when:

Legal Exceptions:

  • Legal compliance: Retention required by employment law, tax law, or other regulations
  • Legal claims: Data needed for establishing, exercising, or defending legal claims
  • Public interest: Processing necessary for public health, scientific research, or historical purposes
  • Freedom of expression: Deletion would infringe on freedom of expression and information rights

Specific Retention Requirements:

  • Employment records: Up to 7 years (UK employment law)
  • Financial records: 7 years (HMRC requirements)
  • Health and safety records: As required by workplace regulations
  • Legal dispute records: Until resolution plus applicable limitation periods

Technical Limitations:

  • Backup systems: May take up to 90 days to fully purge from all backup systems
  • Anonymized data: Truly anonymized data that cannot identify you may be retained
  • Shared content: Work-related content shared with team members may remain accessible

4. How to Request Erasure

Step 1: Contact Your Employer First

As an employee user, your employer is typically the Data Controller:

  • Contact your HR department or system administrator
  • Follow your organization's data deletion procedures
  • Request confirmation of your deletion request

Step 2: Direct Request to Pilla

If employer contact is not possible or appropriate:

Email Requests:

In-App Requests:

  • Open Pilla mobile app
  • Navigate to Settings > Account > Data Deletion
  • Follow the guided deletion process

Web Platform:

  • Log into your Pilla account
  • Visit Account Settings > Privacy > Request Data Deletion
  • Complete the deletion request form

Postal Requests:

Data Protection Officer
Your Pilla Ltd
Clockwise, Edward Pavilion
Royal Albert Dock
Liverpool, L3 4AF
United Kingdom

Step 3: Required Information

Include the following in your request:

  • Full name as registered in your account
  • Email address associated with your account
  • Employee ID (if known)
  • Employer/organization name
  • Specific data you want deleted (if not all data)
  • Reason for deletion (helps us process faster)
  • Preferred confirmation method (email/phone)

Step 4: Identity Verification

To prevent unauthorized deletion requests, we may ask you to:

  • Confirm account details
  • Provide additional identification
  • Verify through your registered email address
  • Obtain employer confirmation (for work accounts)

5. Processing Your Request

Response Timeline:

  • Acknowledgment: Within 5 business days
  • Initial assessment: Within 15 business days
  • Final decision: Within 30 calendar days (may extend to 60 days for complex cases)
  • Completion: Deletion completed within stated timeframes

Assessment Process:

  1. Identity verification to ensure request authenticity
  2. Legal basis review to determine if exceptions apply
  3. Data mapping to identify all stored personal data
  4. Employer consultation (for employee data)
  5. Third-party notification (where applicable)
  6. Deletion execution across all systems and backups

Decision Outcomes:

Full Approval:

  • All requested data will be deleted
  • Confirmation email sent with deletion details
  • Account access terminated immediately

Partial Approval:

  • Some data deleted, some retained for legal reasons
  • Detailed explanation of what's deleted vs. retained
  • Specific retention periods provided

Refusal:

  • Clear explanation of legal reasons for refusal
  • Information about your right to appeal
  • Contact details for supervisory authority

6. What Data Gets Deleted

Personal Data (Deleted):

  • Account information: Name, email, phone number, profile photos
  • User preferences: Settings, customizations, notification preferences
  • Usage analytics: Personal app usage patterns, login history
  • Communications: Support conversations, feedback, survey responses
  • Device data: Mobile device identifiers, IP addresses
  • Location data: Approximate and precise location data (if collected)

Work-Related Data (Employer Controlled):

  • Performance data: Goals, tasks, evaluations, metrics
  • Schedule information: Work hours, availability, time-off requests
  • Training records: Certifications, course completions
  • Team communications: Work-related messages and collaborations

Legally Retained Data:

  • Employment records: As required by employment law (up to 7 years)
  • Financial records: Payroll, expense records (7 years for tax compliance)
  • Safety records: Incident reports, training certifications
  • Audit trails: Security logs, compliance records

Technical Data (May Remain):

  • Anonymized analytics: Aggregated usage statistics that cannot identify you
  • System logs: De-identified technical logs for security and performance
  • Backup data: May take up to 90 days to purge from all backup systems

7. Deletion Process and Timeline

Immediate Actions (Within 24 hours):

  • Account access disabled
  • Personal data marked for deletion
  • Processing activities stopped
  • Third-party partners notified

Short-term Deletion (Within 30 days):

  • Active databases purged
  • Personal identifiers removed
  • User-generated content deleted
  • Search indexes updated

Long-term Purging (Within 90 days):

  • Backup systems purged
  • Archive systems cleaned
  • Third-party integrations confirmed
  • Physical media destruction (if applicable)

Verification and Confirmation:

  • Deletion certificate provided upon completion
  • Audit trail maintained for compliance purposes
  • Follow-up confirmation available upon request

8. Third-Party Data Sharing

Partner Notification:

When you request erasure, we notify relevant third parties:

  • Analytics providers (Google Analytics, Firebase)
  • Customer support tools (Intercom)
  • Cloud storage providers (AWS, Google Cloud)
  • Email service providers
  • Employer-authorized integrations

Third-Party Responsibilities:

  • Each third party must delete data according to their policies
  • Some may have their own retention requirements
  • Direct contact may be needed for complete deletion
  • Links to third-party deletion processes provided when available

9. Employer Rights and Limitations

Data Controller Relationship:

  • Employer = Data Controller: Primary decision-maker for employee data
  • Pilla = Data Processor: Processes data on employer's behalf
  • Employee = Data Subject: Person requesting deletion

Employer Override Situations:

Your employer may have legitimate grounds to retain work-related data:

  • Legal obligations: Employment law, tax requirements, regulatory compliance
  • Legitimate interests: Business operations, legal defense, audit requirements
  • Contractual obligations: Employment contracts, confidentiality agreements

Balancing Rights:

When employer and employee interests conflict:

  1. Data minimization: Delete personal data, retain work-related data
  2. Anonymization: Remove personal identifiers while preserving business data
  3. Access restriction: Limit who can access retained data
  4. Regular review: Periodic assessment of continued retention necessity

10. Appeals and Complaints

Internal Appeal Process:

If your erasure request is refused or partially denied:

Step 1: Request Review

  • Email liam@yourpilla.com with "Erasure Appeal" in subject
  • Provide original request details and reason for appeal
  • Include any additional supporting information

Step 2: Senior Review

  • Senior data protection team reviews decision
  • Additional legal assessment if needed
  • Response within 30 days

Step 3: Final Decision

  • Detailed explanation of final decision
  • Information about external complaint options
  • Documentation of decision rationale

External Complaints:

You have the right to complain to supervisory authorities:

UK Users:

  • Information Commissioner's Office (ICO)
  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Online complaint form available

EU Users:

  • Contact your local Data Protection Authority
  • List available at: edpb.europa.eu

Other Jurisdictions:

  • Contact relevant privacy authority in your region
  • We'll provide specific guidance based on your location

11. Special Circumstances

Deceased Individuals:

  • Requests may be made by legal representatives
  • Additional documentation required for verification
  • Estate executor authority may be needed
  • Specific procedures for posthumous deletion

Minors (Under 18):

  • Enhanced deletion rights for children's data
  • Parental consent verification may be required
  • Expedited processing for child safety concerns
  • School/guardian notification procedures

Legal Proceedings:

  • Deletion may be suspended during active litigation
  • Court orders may override deletion requests
  • Legal hold procedures may apply
  • Regular review of legal requirements

Data Breaches:

  • Emergency deletion procedures available
  • Expedited processing for security concerns
  • Additional verification steps for compromised accounts
  • Coordination with incident response procedures

12. Technical Implementation

Deletion Methods:

  • Secure deletion: DoD 5220.22-M standard or equivalent
  • Cryptographic erasure: For encrypted data where keys are destroyed
  • Physical destruction: For hardware-based storage
  • Overwriting: Multiple-pass overwriting for traditional storage

Verification Procedures:

  • Deletion confirmation: Technical verification of data removal
  • Audit trails: Documented evidence of deletion process
  • Certificate provision: Formal confirmation of completed deletion
  • Regular audits: Periodic verification of deletion effectiveness

System Integration:

  • Automated processes: Where technically feasible
  • Manual verification: For complex data relationships
  • Database constraints: Handling referential integrity
  • API notifications: Automated third-party partner updates

13. Updates to This Policy

Change Management:

  • Regular review and updates as needed
  • Legal requirement changes incorporated promptly
  • User notification of material changes
  • Version control and change documentation

Notification Methods:

  • Email notification to registered users
  • Website and app notifications
  • 30-day notice period for significant changes
  • Clear explanation of changes provided

14. Contact Information

General Erasure Requests:

  • Email: support@yourpilla.com
  • Subject: "Right to Erasure Request"
  • Response time: Within 5 business days

Data Protection Officer:

  • Name: Liam Jones
  • Email: liam@yourpilla.com
  • Specializes in: Privacy rights, legal compliance, complex deletion requests

Postal Address:

Data Protection Team
86-90 Paul Street, 
London, 
EC2A 4NE

Legal Basis: This policy is established under UK GDPR Article 17, EU GDPR Article 17, and other applicable data protection regulations.

Policy Scope: This policy applies to all personal data processed by Your Pilla Ltd as both Data Controller and Data Processor.

Regular Review: This policy is reviewed annually or when legal requirements change.

For questions about this Right to Erasure Policy, contact liam@yourpilla.com.